Primary Vendor -- Product | Description | | CVSS Score | Source & Patch Info | afcommerce -- AFCommerce
| SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 7.5 | CVE-2007-5836 BID
| Apple -- Quicktime
| Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption." | | 9.3 | CVE-2007-2395 OTHER-REF APPLE FRSIRT SECTRACK SECUNIA
| Apple -- Quicktime
| Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file. | | 9.3 | CVE-2007-3750 OTHER-REF APPLE FRSIRT SECTRACK SECUNIA
| Apple -- Quicktime
| Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors. | | 9.3 | CVE-2007-3751 OTHER-REF APPLE FRSIRT SECTRACK SECUNIA
| Apple -- Quicktime
| Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image. | | 7.6 | CVE-2007-4672 BUGTRAQ OTHER-REF OTHER-REF APPLE FRSIRT SECTRACK SECUNIA
| Apple -- Quicktime
| Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom. | | 9.3 | CVE-2007-4675 IDEFENSE OTHER-REF APPLE FRSIRT SECTRACK SECUNIA
| Apple -- Quicktime
| Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image. | | 9.3 | CVE-2007-4676 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF APPLE FRSIRT SECTRACK SECUNIA
| Apple -- Quicktime
| Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values. | | 9.3 | CVE-2007-4677 BUGTRAQ OTHER-REF OTHER-REF APPLE BID FRSIRT SECTRACK SECUNIA
| Avaya -- Message Networking Avaya -- Messaging Storage Server
| Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation." | | 7.8 | CVE-2007-5830 OTHER-REF SECUNIA
| Ax Developer CMS -- Ax Developer CMS
| Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | | 9.3 | CVE-2007-5820 MILW0RM XF
| easyGB -- easyGB
| Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 10.0 | CVE-2007-5890 BID
| EDraw -- Flowchart ActiveX
| Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420. | | 9.3 | CVE-2007-5826 MILW0RM FRSIRT XF
| FireFly -- Media Server
| webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function. | | 7.1 | CVE-2007-5824 BUGTRAQ BUGTRAQ BUGTRAQ MILW0RM
| Firewolf Technologies -- Synergiser
| Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration. | | 7.5 | CVE-2007-5802 BUGTRAQ OTHER-REF BID
| GuppY -- GuppY
| Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter. | | 7.5 | CVE-2007-5844 MILW0RM BID
| GuppY -- GuppY
| Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc. | | 7.5 | CVE-2007-5845 MILW0RM MILW0RM OTHER-REF
| IBM -- AIX
| Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command. | | 7.2 | CVE-2007-4217 IDEFENSE OTHER-REF OTHER-REF AIXAPAR AIXAPAR BID XF
| IBM -- AIX
| Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv. | | 7.2 | CVE-2007-4513 IDEFENSE IDEFENSE OTHER-REF OTHER-REF AIXAPAR AIXAPAR AIXAPAR AIXAPAR BID BID
| IBM -- AIX
| Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments. | | 7.2 | CVE-2007-4621 IDEFENSE OTHER-REF AIXAPAR BID
| IBM -- AIX
| Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig. | | 7.2 | CVE-2007-4622 IDEFENSE OTHER-REF AIXAPAR BID
| IBM -- AIX
| Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command. | | 7.2 | CVE-2007-4623 IDEFENSE OTHER-REF OTHER-REF AIXAPAR AIXAPAR BID XF
| IDMOS -- IDMOS
| Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix) allow remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter to (1) admin.php, (2) menu_add.php, and (3) menu_operation.php in administrator/, different vectors than CVE-2007-5294. | | 10.0 | CVE-2007-5889 BUGTRAQ XF
| Infuseum -- ASP Message Board
| SQL injection vulnerability in boards/printer.asp in ASP Message Board 2.2.1c allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.5 | CVE-2007-5887 MILW0RM BID XF
| Link Grammar -- Link Grammar AbiWord -- AbiWord Link Grammar
| Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function. | | 10.0 | CVE-2007-5395 OTHER-REF OTHER-REF SECUNIA SECUNIA
| Microsoft -- Sysinternals DebugView
| Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors. | | 7.2 | CVE-2007-4223 IDEFENSE FRSIRT SECTRACK SECUNIA
| Mozilla -- Firefox
| Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI. | | 7.1 | CVE-2007-5896 FULLDISC OTHER-REF XF
| Net-SNMP -- Net-SNMP
| The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. | | 7.8 | CVE-2007-5846 OTHER-REF
| Oracle -- E-Business Suite 11i Oracle -- E-Business Suite 12
| SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure. | | 7.5 | CVE-2007-5766 BUGTRAQ OTHER-REF OTHER-REF
| Oracle -- Oracle9i Database Server Release 1 Oracle -- Oracle8i Database Server Release 3 Oracle -- Oracle10g Database Server Release 1 Oracle -- Oracle9i Database Server Release 2
| Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure. | | 8.5 | CVE-2007-5897 BUGTRAQ OTHER-REF
| PCRE -- PCRE
| Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patters containing unmatched "\Q\E" sequences with orphan "\E" codes. | | 7.5 | CVE-2007-1659 OTHER-REF DEBIAN FRSIRT
| PCRE -- PCRE
| Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. | | 7.5 | CVE-2007-1660 DEBIAN FRSIRT
| PCRE -- PCRE
| Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences. | | 7.5 | CVE-2007-4766 OTHER-REF DEBIAN FRSIRT
| PCRE -- PCRE
| Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. | | 10.0 | CVE-2007-4768 DEBIAN FRSIRT
| Plone -- Plone
| Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes. | | 7.5 | CVE-2007-5741 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA
| Red Hat -- enterprise_linux_application_stack Larry Wall -- Perl MandrakeSoft -- Multi Network Firewall OpenPKG -- OpenPKG
| Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. | | 10.0 | CVE-2007-5116 OTHER-REF MANDRIVA REDHAT REDHAT BID FRSIRT SECUNIA SECUNIA
| redhat -- rhel_certificate_server
| Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL. | | 7.5 | CVE-2007-4994 REDHAT FRSIRT
| sBLOG -- sBlog
| Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators. | | 7.6 | CVE-2007-5818 BUGTRAQ OTHER-REF XF
| Scribe -- Scribe
| Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action. | | 7.5 | CVE-2007-5822 BUGTRAQ MILW0RM OTHER-REF XF
| Scribe -- Scribe
| Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the username parameter in a Register action. | | 7.5 | CVE-2007-5823 BUGTRAQ MILW0RM OTHER-REF
| SonicWall -- SSL VPN
| Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method. | | 9.3 | CVE-2007-5603 BUGTRAQ MILW0RM OTHER-REF OTHER-REF OTHER-REF CERT-VN BID SECUNIA
| SonicWall -- SSL VPN
| Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603. | | 9.3 | CVE-2007-5814 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA
| SonicWall -- SSL VPN
| Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. | | 10.0 | CVE-2007-5815 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA
| SSL-Explorer -- SSL-Explorer
| Directory traversal vulnerability in fileSystem.do in SSL-Explorer before 0.2.14 allows remote attackers to access arbitrary files via directory traversal sequences in the path parameter. NOTE: some of these details are obtained from third party information. | | 7.5 | CVE-2007-5831 OTHER-REF SECUNIA
| SSL-Explorer -- SSL-Explorer
| Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are obtained from third party information. | | 7.5 | CVE-2007-5832 OTHER-REF OTHER-REF SECUNIA
| ssreader -- Ultra Star Reader
| Stack-based buffer overflow in the pdg2.dll ActiveX control in SSReader 4.0 and earlier allow remote attackers to execute arbitrary code via a long argument to the Register method. NOTE: some details were obtained from third party sources. | | 10.0 | CVE-2007-5892 OTHER-REF FRSIRT SECUNIA
| Symantec -- Altiris Deployment Solution
| Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380. | | 7.2 | CVE-2007-5838 OTHER-REF OTHER-REF OTHER-REF BID SECTRACK SECUNIA XF
| Xpdf -- Xpdf
| Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. | | 7.6 | CVE-2007-4352 OTHER-REF SECUNIA
| Xpdf -- Xpdf
| Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. | | 9.3 | CVE-2007-5392 OTHER-REF SECUNIA
| Xpdf -- Xpdf
| Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. | | 9.3 | CVE-2007-5393 OTHER-REF SECUNIA
|